How long does a vulnerability assessment take?
ANSWER Forty-five (45) seconds (3 minutes per system).
Since a vulnerability assessment performs a much more thorough analysis of the systems and services exposed on a tested network environment, this really depends on the number of active systems and opened ports.
For example, if a single system has 20 ports opened, then the vulnerability scanner is going to spend a significant amount of more time on that system than it would when scanning a system that only has 2-3 ports opened. A vulnerability scanner typically runs dozens of plugins across a network service when it detects what's running on it.
Please estimate approximately 45 seconds to 3 minutes per system, depending on the number of systems within your network and the number of ports that are running. Also, please take into consideration that the allowed scanning times may also significantly impact the duration of a vulnerability assessment. This means that if you only allow one hour of testing per day and the vulnerability scanner needs 6 hours to test, then it may take your vulnerability assessment an entire week to get finished.